package top.qitun.tian.security;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
//@ComponentScan(basePackages = "top.qitun.tian.security")
public class ApiSecurityConfig extends AbstractWebSecurityConfig {
	@Value("${spring.cloud.config.profile}")
	private String profile;

	@Override
    public void configure(WebSecurity web) throws Exception {
        //忽略权限校验的访问路径
        web
            .ignoring()
            .antMatchers(
                "/authenticate",
                "/favicon.ico",
                "/swagger**/**",
                "/*/v2/api-docs",
                "/**/api-docs",
                "/webjars/**",
                "/*/user/register",
                "/admin/**",
                "/user/login"
            )
            .antMatchers(HttpMethod.POST, "/user/register")
        ;
    }

    @Override
    protected void configure(HttpSecurity security) throws Exception {
    	if("prod".equals(profile)){
	        security
	            .authorizeRequests()
	            .antMatchers(HttpMethod.POST, "/**/auth/token").permitAll();
	        super.configure(security);
    	}else{
    		security
            .csrf().disable();
    	}
    }
}
